With module signing enabled but not in enforcing mode, we don't consider
unsigned modules to be an error.  However, we only mark sig_ok as true if
a signature verified.  This causes the module to be tainted with the
TAINT_FORCED_MODULE flag.  That in turn taints the kernel, which also
disables lockdep.

Tainting the module and kernel when we don't consider something to be an
error seems excessive.  This marks sig_ok as true if we aren't in enforcing
mode.

Reported-by: Frank Ch. Eigler <f...@redhat.com>
Signed-off-by: Josh Boyer <jwbo...@redhat.com>
---
 kernel/module.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/module.c b/kernel/module.c
index 250092c..a50172e 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2443,8 +2443,10 @@ static int module_sig_check(struct load_info *info)
        if (err < 0 && fips_enabled)
                panic("Module verification failed with error %d in FIPS mode\n",
                      err);
-       if (err == -ENOKEY && !sig_enforce)
+       if (err == -ENOKEY && !sig_enforce) {
+               info->sig_ok = true;
                err = 0;
+       }
 
        return err;
 }
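
Review bot: In the "err == -ENOKEY && !sig_enforce" branch, setting info->sig_ok = true makes the flag true for a module whose signature was never verified, so sig_ok no longer means what its name says. With the taint gone, nothing in this path records that an unsigned module was loaded. Consider leaving sig_ok false and avoiding the taint where it is applied when !sig_enforce, or recording the unsigned load with a marker that does not disable lockdep. If the assignment stays, add a comment in this branch stating that in non-enforcing mode sig_ok means "accepted by policy" rather than "signature verified", so later readers of the flag do not treat it as proof of verification.
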
-- 
1.8.0.1